def test_OktaOpenVPNValidator_run(self):
        cfg = {
            'okta_url': self.okta_url,
            'okta_token': self.okta_token,
            }
        tmp = tempfile.NamedTemporaryFile()
        env = MockEnviron({
            'common_name': self.config['username'],
            'password': self.config['password'],
            'auth_control_file': tmp.name,
            'assert_pin': self.herokuapp_dot_com_pin,
            })

        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env

        validator.run()

        self.assertTrue(validator.user_valid)
        tmp.file.seek(0)
        rv = tmp.file.read()
        self.assertEquals(rv, '1')
        last_error = self.okta_log_messages['info'][-1:][0]
        self.assertIn('is now authenticated with MFA via Okta API', last_error)
    def test_control_file_directory_has_bad_permissions(self):
        cfg = self.config

        tmp_dir = tempfile.mkdtemp()
        tmp = tempfile.NamedTemporaryFile(dir=tmp_dir)
        os.chmod(tmp_dir, 0777)
        env = MockEnviron({
            'common_name': self.config['username'],
            'password': self.config['password'],
            'auth_control_file': tmp.name,
            'assert_pin': self.herokuapp_dot_com_pin,
            })
        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env

        msgs = self.expected_messages
        msgs.append('directory containing')

        self.assertRaises(ControlFilePermissionsError, validator.run)
        last_error = self.okta_log_messages['critical'][-1:][0]
        for msg in msgs:
            self.assertIn(msg, last_error)
        tmp.close()
        os.rmdir(tmp_dir)
Exemplo n.º 3
0
    def test_control_file_directory_has_bad_permissions(self):
        cfg = self.config

        tmp_dir = tempfile.mkdtemp()
        tmp = tempfile.NamedTemporaryFile(dir=tmp_dir)
        os.chmod(tmp_dir, 0777)
        env = MockEnviron({
            'common_name': self.config['username'],
            'password': self.config['password'],
            'auth_control_file': tmp.name,
            'assert_pin': self.herokuapp_dot_com_pin,
        })
        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env

        msgs = self.expected_messages
        msgs.append('directory containing')

        self.assertRaises(ControlFilePermissionsError, validator.run)
        last_error = self.okta_log_messages['critical'][-1:][0]
        for msg in msgs:
            self.assertIn(msg, last_error)
        tmp.close()
        os.rmdir(tmp_dir)
Exemplo n.º 4
0
 def test_okta_verify_push_int(self, patched_time_sleep):
     cfg = {
         'okta_url': self.okta_url,
         'okta_token': self.okta_token,
         'mfa_push_max_retries': int(20),
         'mfa_push_delay_secs': int(11),
         }
     env = MockEnviron({
         'common_name': '*****@*****.**',
         'password': self.config['password']
         })
     validator = OktaOpenVPNValidator()
     validator.site_config = cfg
     validator.env = env
     validator.load_environment_variables()
     validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin]
     validator.authenticate()
     for call in patched_time_sleep.call_args_list:
         args, kwargs = call
         for arg in args:
             import pprint
             pprint.pprint(arg)
             msg = "time.sleep() must be called with a float not %s"
             assert isinstance(arg, float), msg % type(arg)
     patched_time_sleep.assert_called_with(11)
Exemplo n.º 5
0
    def test_OktaOpenVPNValidator_run(self):
        cfg = {
            'okta_url': self.okta_url,
            'okta_token': self.okta_token,
            }
        tmp = tempfile.NamedTemporaryFile()
        env = MockEnviron({
            'common_name': self.config['username'],
            'password': self.config['password'],
            'auth_control_file': tmp.name,
            'assert_pin': self.herokuapp_dot_com_pin,
            })

        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env

        validator.run()

        self.assertTrue(validator.user_valid)
        tmp.file.seek(0)
        rv = tmp.file.read()
        self.assertEquals(rv, '1')
        last_error = self.okta_log_messages['info'][-1:][0]
        self.assertIn('is now authenticated with MFA via Okta API', last_error)
 def test_okta_url_no_token(self):
     cfg = {"okta_url": self.okta_url}
     env = MockEnviron({})
     validator = OktaOpenVPNValidator()
     validator.site_config = cfg
     validator.env = env
     rv = validator.load_environment_variables()
     self.assertEquals(rv, False)
     last_error = self.okta_log_messages["critical"][-1:][0]
     self.assertIn("OKTA_TOKEN not defined", last_error)
 def test_no_username_or_password(self):
     cfg = {"okta_url": self.okta_url, "okta_token": self.okta_token}
     env = MockEnviron({})
     validator = OktaOpenVPNValidator()
     validator.site_config = cfg
     validator.env = env
     rv = validator.load_environment_variables()
     rv = validator.authenticate()
     self.assertEquals(rv, False)
     last_error = self.okta_log_messages["warning"][-1:][0]
     self.assertIn("is not trusted - failing", last_error)
 def test_authenticate_handles_exceptions(self):
     cfg = {"okta_url": self.okta_url, "okta_token": self.okta_token}
     env = MockEnviron({"common_name": self.config["username"], "password": self.config["password"]})
     validator = OktaOpenVPNValidator()
     validator.cls = ThrowsErrorOktaAPI
     validator.site_config = cfg
     validator.env = env
     validator.load_environment_variables()
     rv = validator.authenticate()
     self.assertEquals(rv, False)
     last_error = self.okta_log_messages["error"][-1:][0]
     self.assertIn("authentication failed, because", last_error)
Exemplo n.º 9
0
 def test_okta_url_no_token(self):
     cfg = {
         'okta_url': self.okta_url
     }
     env = MockEnviron({})
     validator = OktaOpenVPNValidator()
     validator.site_config = cfg
     validator.env = env
     rv = validator.load_environment_variables()
     self.assertEquals(rv, False)
     last_error = self.okta_log_messages['critical'][-1:][0]
     self.assertIn('OKTA_TOKEN not defined', last_error)
    def test_with_username_and_password(self):
        cfg = {"okta_url": self.okta_url, "okta_token": self.okta_token}
        env = MockEnviron({"common_name": self.config["username"], "password": self.config["password"]})
        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env
        validator.load_environment_variables()
        validator.okta_config["assert_pinset"] = [self.herokuapp_dot_com_pin]

        rv = validator.authenticate()
        self.assertEquals(rv, True)
        last_error = self.okta_log_messages["info"][-1:][0]
        self.assertIn("is now authenticated with MFA via Okta API", last_error)
Exemplo n.º 11
0
 def test_no_username_or_password(self):
     cfg = {
         'okta_url': self.okta_url,
         'okta_token': self.okta_token,
         }
     env = MockEnviron({})
     validator = OktaOpenVPNValidator()
     validator.site_config = cfg
     validator.env = env
     rv = validator.load_environment_variables()
     rv = validator.authenticate()
     self.assertEquals(rv, False)
     last_error = self.okta_log_messages['warning'][-1:][0]
     self.assertIn('is not trusted - failing', last_error)
Exemplo n.º 12
0
 def test_authenticate_handles_exceptions(self):
     cfg = {
         'okta_url': self.okta_url,
         'okta_token': self.okta_token,
         }
     env = MockEnviron({
         'common_name': self.config['username'],
         'password': self.config['password']
         })
     validator = OktaOpenVPNValidator()
     validator.cls = ThrowsErrorOktaAPI
     validator.site_config = cfg
     validator.env = env
     validator.load_environment_variables()
     rv = validator.authenticate()
     self.assertEquals(rv, False)
     last_error = self.okta_log_messages['error'][-1:][0]
     self.assertIn('authentication failed, because', last_error)
Exemplo n.º 13
0
 def test_authenticate_handles_exceptions(self):
     cfg = {
         'okta_url': self.okta_url,
         'okta_token': self.okta_token,
         }
     env = MockEnviron({
         'common_name': self.config['username'],
         'password': self.config['password']
         })
     validator = OktaOpenVPNValidator()
     validator.cls = ThrowsErrorOktaAPI
     validator.site_config = cfg
     validator.env = env
     validator.load_environment_variables()
     rv = validator.authenticate()
     self.assertEquals(rv, False)
     last_error = self.okta_log_messages['error'][-1:][0]
     self.assertIn('authentication failed, because', last_error)
Exemplo n.º 14
0
    def test_with_username_and_password(self):
        cfg = {
            'okta_url': self.okta_url,
            'okta_token': self.okta_token,
            }
        env = MockEnviron({
            'common_name': self.config['username'],
            'password': self.config['password']
            })
        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env
        validator.load_environment_variables()
        validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin]

        rv = validator.authenticate()
        self.assertEquals(rv, True)
        last_error = self.okta_log_messages['info'][-1:][0]
        self.assertIn('is now authenticated with MFA via Okta API', last_error)
Exemplo n.º 15
0
    def test_okta_verify_push_fails(self):
        cfg = {
            'okta_url': self.okta_url,
            'okta_token': self.okta_token,
            'mfa_push_max_retries': 20,
            'mfa_push_delay_secs': self.mfa_push_delay_secs,
            }
        env = MockEnviron({
            'common_name': '*****@*****.**',
            'password': self.config['password']
            })
        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env
        validator.load_environment_variables()
        validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin]

        rv = validator.authenticate()
        self.assertEquals(rv, False)
Exemplo n.º 16
0
    def test_with_username_and_password(self):
        cfg = {
            'okta_url': self.okta_url,
            'okta_token': self.okta_token,
            }
        env = MockEnviron({
            'common_name': self.config['username'],
            'password': self.config['password']
            })
        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env
        validator.load_environment_variables()
        validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin]

        rv = validator.authenticate()
        self.assertEquals(rv, True)
        last_error = self.okta_log_messages['info'][-1:][0]
        self.assertIn('is now authenticated with MFA via Okta API', last_error)
Exemplo n.º 17
0
    def test_okta_verify_push(self):
        cfg = {
            'okta_url': self.okta_url,
            'okta_token': self.okta_token,
            'mfa_push_max_retries': 20,
            'mfa_push_delay_secs': self.mfa_push_delay_secs,
            }
        env = MockEnviron({
            'common_name': '*****@*****.**',
            'password': self.config['password']
            })
        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env
        validator.load_environment_variables()
        validator.okta_config['assert_pinset'] = [self.herokuapp_dot_com_pin]

        rv = validator.authenticate()
        self.assertEquals(rv, True)
        last_error = self.okta_log_messages['info'][-1]
        self.assertIn('is now authenticated with MFA via Okta API', last_error)
Exemplo n.º 18
0
    def test_connect_to_unintended_server_writes_0_to_control_file(self):
        cfg = self.config
        cfg['okta_url'] = 'https://example.com'

        tmp = tempfile.NamedTemporaryFile()
        env = MockEnviron({
            'common_name': self.config['username'],
            'password': self.config['password'],
            'auth_control_file': tmp.name,
        })

        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env

        validator.run()

        self.assertFalse(validator.user_valid)
        tmp.file.seek(0)
        rv = tmp.file.read()
        self.assertEquals(rv, '0')
    def test_connect_to_unintended_server_writes_0_to_control_file(self):
        cfg = self.config
        cfg['okta_url'] = 'https://example.com'

        tmp = tempfile.NamedTemporaryFile()
        env = MockEnviron({
            'common_name': self.config['username'],
            'password': self.config['password'],
            'auth_control_file': tmp.name,
            })

        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env

        validator.run()

        self.assertFalse(validator.user_valid)
        tmp.file.seek(0)
        rv = tmp.file.read()
        self.assertEquals(rv, '0')
Exemplo n.º 20
0
    def test_control_file_bad_permissions_permutations(self):
        cfg = self.config
        modes = [
            0606,
            0660,
            0622,
        ]
        for mode in modes:
            tmp = tempfile.NamedTemporaryFile()
            os.chmod(tmp.name, mode)

            env = MockEnviron({
                'common_name': self.config['username'],
                'password': self.config['password'],
                'auth_control_file': tmp.name,
                'assert_pin': self.herokuapp_dot_com_pin,
            })
            validator = OktaOpenVPNValidator()
            validator.site_config = cfg
            validator.env = env
            self.assertRaises(ControlFilePermissionsError, validator.run)
            tmp.close()
    def test_control_file_bad_permissions_permutations(self):
        cfg = self.config
        modes = [
            0606,
            0660,
            0622,
            ]
        for mode in modes:
            tmp = tempfile.NamedTemporaryFile()
            os.chmod(tmp.name, mode)

            env = MockEnviron({
                'common_name': self.config['username'],
                'password': self.config['password'],
                'auth_control_file': tmp.name,
                'assert_pin': self.herokuapp_dot_com_pin,
                })
            validator = OktaOpenVPNValidator()
            validator.site_config = cfg
            validator.env = env
            self.assertRaises(ControlFilePermissionsError, validator.run)
            tmp.close()
    def test_OktaOpenVPNValidator_run(self):
        cfg = {"okta_url": self.okta_url, "okta_token": self.okta_token}
        tmp = tempfile.NamedTemporaryFile()
        env = MockEnviron(
            {
                "common_name": self.config["username"],
                "password": self.config["password"],
                "auth_control_file": tmp.name,
                "assert_pin": self.herokuapp_dot_com_pin,
            }
        )

        validator = OktaOpenVPNValidator()
        validator.site_config = cfg
        validator.env = env

        validator.run()

        self.assertTrue(validator.user_valid)
        tmp.file.seek(0)
        rv = tmp.file.read()
        self.assertEquals(rv, "1")
        last_error = self.okta_log_messages["info"][-1:][0]
        self.assertIn("is now authenticated with MFA via Okta API", last_error)